Evaluating cyber risk with internal audits

Anticipation is essential when safeguarding an organization’s assets against cyber security risks in an emerging threat landscape.

Cybercrime is one of the world’s fastest-growing and most lucrative industries, and the costs associated with data breaches and cyber-attacks can be debilitating. Many organizations list cyber security as one of their top priorities and have begun to integrate it with the overall business strategy, but they must stop reacting and instead anticipate cyber-attacks. An internal audit of cyber risk factors will help organizations to assess the overall strategy from governance, architectural, operational and technological perspectives to create a well-defined approach to cyber threats.

Internal audits should consider these five cyber risk factors to protect the company’s assets and work to reduce the potential for data breaches:

  • Emerging threats. As cyber threats evolve and become more sophisticated, companies must rely upon a strategy that encompasses governance, architectural, operational, and technology perspectives.
  • Technology change. New and emerging technologies have added more complex security risks, which should be addressed by security-by-design principles and reviews prior to final implementation.
  • Regulatory change. New data security and privacy laws place additional controls upon organizations, and those that do not address these requirements open themselves up to regulatory sanctions or fines.
  • Business change. Technology change, new business models and the impact of mergers and acquisitions (M&A), among other concerns, heighten cyber risk if not examined in sufficient depth and breadth.
  • Third-party risk. Access to an organization’s data, including customers’ private and confidential information, requires increased reliance and performance assessments of vendors.

With a thorough understanding of the business’s objectives, risks, and process, the internal audit function can fully address cyber security challenges in all areas of the business, including business goals and strategy, framework alignment, emerging risks and threats, and talent and staffing.

Learn how KPMG can help your organization to evaluate its cyber security risks and respond rapidly to threats in “The role of internal audit in cyber security readiness.”